How severe does this issue affect your experience of using Ray?
- High: this is blocking production use of Ray, due to failing security audits
- related to https://discuss.ray.io/t/ray-wheel-not-supported/1958
Are there any working examples of downloading wheels for specific versions of Ray from Amazon AWS? In particular, we’d like to download a release in the range of 1.9.x through 1.11.x for Python 3.8 on Linux.
The docs all seem to point to using this wheel (either its Py 3.7 or 3.8 version):
While that URL works, it appears to be for release
2.0.0.dev0 (whatever that is).
In “Installing from a specific commit” the docs say to use a URL in the format:
The example in the docs is https://s3-us-west-2.amazonaws.com/ray-wheels/master/ba6cebe30fab6925e5b2d9e859ad064d53015246/ray-2.0.0.dev0-cp37-cp37m-macosx_10_15_intel.whl which returns a 404 error.
I’ve tried many other variations of this, however the only other version that appears to be available for download is:
Also, I’ve never seen a working example of an available wheel based on a commit hash.
- Do any of these exist?
- Is there an actual list of which wheels are available?
FWIW, I’m asking because the Ray images on DockerHub will not pass our corporate security audits. We need to be able to build our own container images for Ray to run on K8s on Azure.
We must use a release that’s later than 1.7.x due to the
build-docker.sh script within the Ray repo is not friendly for development work in regulated corporate environments; it would be much more effective if the Ray repo had scripts that generated Dockerfile source instead, then built container images from those.
Another suggestion would be for Ray to use
grype, as part of the CI pipeline, to scan container images for vulnerabilities.
As an alternative approach, are there any full
Dockerfile examples for running Ray on K8s?